Environment

Situation

Reflection FTP Client is a component of many Attachmate products. This
technical note lists the features, security updates, and fixes in
version 14.1 SP3 Update 1 (version 14.1.3.247).

Resolution

Reflection FTP Client 14.1 SP3 Update 1

The following issues are resolved in Reflection FTP Client 14.1 SP3 Update 1.

Security Updates

CVE-2014-0160- OpenSSL "Heartbleed" Vulnerability -
This update includes updated OpenSSL libraries that resolve this issue.
Note: This OpenSSL vulnerability affected only Reflection TLS 1.2
connections made to a malicious server. The default Reflection TLS 1.0
connections are not subject to this vulnerability.

CVE-2013-4353 - The ssl3_take_mac function allows
remote TLS servers to cause a denial of service via a crafted TLS
handshake. This update includes updated OpenSSL libraries that resolve
this issue.

Resolved Issues

The "Download As" option now works correctly when you are connected to a NonStop (Guardian API) server.

When connected to a NonStop (Guardian API)
server, the server pane now correctly displays files that contain an
owner value that has multiple entries, such as "101,255".

Product Enhancements

To support these changes, the following Secure Shell configuration
file keyword was added and is enabled by default. Note that applying
this update automatically enables this setting; you do not need to make
any configuration changes.

Nodelay - This setting addresses a change made by Microsoft that
enables the Nagle algorithm on Windows tcp sockets by default, and can
adversely affect performance in Secure Shell connections. Setting
Nodelay to yes (the default) disables this algorithm and improves
performance on most systems.

Resolved Issue

Command line input redirection (for example
sftp<input.txt) now works correctly with the sftp and ssh command
line utilities.